0026434: Use of _SERVER['HTTP_HOST'], _SERVER['SERVER_NAME'], and _SERVER['HTTP_X_FORWARDED_HOST'] should be avoided

Description

HTTP_HOST, HTTP_X_FORWARDED_HOST, and SERVER_NAME can be easily spoofed by inserting a Host header from the client side. Mantis uses that as the server hostname to construct every link. The using of those variables are integrated in $g_path in the config_defaults_inc.php file.